Royal Security Lite Documentation
Complete guide to protecting your WordPress site with Royal Security Lite. This free plugin provides essential security features including brute force protection, login security, hardening, and activity logging.
Getting Started
Royal Security Lite is a free, lightweight WordPress security plugin that provides essential protection against common threats. It's designed to be easy to use while providing effective security measures.
Key Features
Brute Force Protection
Blocks repeated login attempts and bans malicious IP addresses automatically.
Login Security
Math CAPTCHA on login forms and rate limiting for login attempts.
WordPress Hardening
Disable XML-RPC, hide WordPress version, secure file permissions.
Activity Logging
Track user logins, content changes, and security events.
Uptime Monitoring
Monitor your site's availability and get notified of downtime.
Vulnerability Alerts
Get notified when plugins or themes have known vulnerabilities.
Requirements
- WordPress 5.8 or higher
- PHP 7.4 or higher
Installation
From WordPress.org (Recommended)
Search for the plugin
In your WordPress admin, go to Plugins > Add New and search for "Royal Security Lite"
Install and activate
Click "Install Now" then "Activate" once installation completes
Configure your settings
Go to Royal Security in your admin menu to access the dashboard and configure your security settings
Start by enabling Brute Force Protection and Login Security from the dashboard. These provide immediate protection with sensible defaults.
Quick Start
Get protected in minutes with these essential settings:
Enable Brute Force Protection
Go to Royal Security > Login Protection and enable brute force protection.
Configure Login Limits
Set maximum login attempts (recommended: 5 attempts, 15 minute lockout).
Enable Hardening
Go to Royal Security > Hardening and enable recommended security measures.
Review the Dashboard
Check the security dashboard for any recommendations or warnings.
Brute Force Protection
Brute force attacks try to guess your password by attempting thousands of combinations. Royal Security Lite detects and blocks these attacks automatically.
How It Works
- Tracks failed login attempts per IP address
- After the configured max attempts, temporarily blocks the IP
- Blocked IPs see an error message with remaining lockout time
- Successful login clears the failed attempt counter
Settings
| Setting | Description | Default |
|---|---|---|
| Max Login Attempts | Failed attempts before lockout | 5 |
| Lockout Duration | How long to block the IP | 15 minutes |
Your IP address is automatically whitelisted while you're logged in as an admin. This prevents you from accidentally locking yourself out.
Login Security
Additional measures to protect your WordPress login page from unauthorized access.
Features
- Math CAPTCHA - Simple math question on login, registration, and password reset forms
- Rate Limiting - Limits requests to the login page (30 per minute)
The math CAPTCHA adds a simple security question that blocks automated bots while remaining easy for real users to solve.
WordPress Hardening
Hardening measures close common security holes in WordPress.
Available Options
- Disable XML-RPC - Blocks remote publishing attacks
- Hide WordPress Version - Removes version from source code and scripts
- Disable File Editor - Prevents theme/plugin editing from admin
- Security Headers - Adds X-Frame-Options, X-XSS-Protection, etc.
- Remove Header Links - Cleans up RSD, WLW manifest, and shortlinks
- Block User Enumeration - Disables author archives and REST API user endpoints
All hardening options are enabled by default. We recommend keeping them enabled for maximum protection.
Activity Log
Track important events on your WordPress site for security monitoring and accountability.
Logged Events
- User logins and logouts
- Failed login attempts
- Post/page creation and edits
- Plugin and theme changes
- User profile updates
- Settings changes
Log Retention
The Lite version keeps the last 100 log entries. Older entries are automatically removed to save database space. Upgrade to Pro for unlimited log retention.
Uptime Monitoring
Monitor your site's availability and get notified when it goes down.
Features
- Automatic hourly uptime checks
- Email notifications for downtime
- Uptime statistics and history
Troubleshooting
Locked out of your site?
If you've been blocked by brute force protection, see our Locked Out Recovery Guide for step-by-step database and FTP recovery methods.
Deleting and reinstalling the plugin won't unblock you - the block data is stored in the database. You must clear the rsl_ip_blocklist table.
Quick recovery options:
- Wait for the lockout period to expire (usually 15 minutes)
- Use phpMyAdmin to run:
TRUNCATE TABLE wp_rsl_ip_blocklist; - Access your site via FTP and rename the plugin folder temporarily
CAPTCHA not displaying correctly
- Clear any caching plugins
- Flush your browser cache
- Check for CSS conflicts with your theme
Conflict with other plugins
- Disable other security plugins (only use one at a time)
- Check the activity log for error patterns
- Contact support with specific error messages
Frequently Asked Questions
Is Royal Security Lite really free?
Yes! Royal Security Lite is 100% free with no hidden fees. It includes all the essential security features most sites need. The Pro version adds advanced features for sites requiring additional protection.
Will this slow down my site?
No. Royal Security Lite is designed to be lightweight. Security checks run efficiently and don't impact page load times for visitors.
What's the difference between Lite and Pro?
Royal Security Pro adds: firewall protection, malware scanning, two-factor authentication, file integrity monitoring, automated backups, database security, and priority support.
Can I use this with other security plugins?
We recommend using only one security plugin at a time to avoid conflicts. Royal Security Lite provides comprehensive protection on its own.